| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The OPENSSL_cpu_caps() change after the last bump missed a crucial bit:
there is more MD mess in the MI code than anticipated, with the result
that AES is now used without AES-NI on amd64 and i386, hurting machines
that previously greatly benefitted from it.
Temporarily add an internal crypto_cpu_caps_ia32() API that returns the
OPENSSL_ia32cap_P or 0 like OPENSSL_cpu_caps() previously did. This can
be improved after the release.
Regression reported and fix tested by Mark Patruck.
No impact on public ABI or API.
with/ok jsing
PS: Next time my pkg_add feels very slow, I should perhaps not mechanically
blame IEEE 802.11...
|
|
|
|
|
|
|
|
| |
gcm_{gmult,ghash}_4bit(), aesni_ccm64_decrypt_blocks(), aes_cbc_encrypt(),
and aesni_xts_{en,de}crypt() were overlooked in previous passes.
Found with a diff for ld.lld by kettenis
ok kettenis
|
|
|
|
|
|
|
|
|
| |
cet.h is needed for other platforms to emit the relevant .gnu.properties
sections that are necessary for them to enable IBT. It also avoids issues
with older toolchains on macOS that explode on encountering endbr64.
based on a diff by kettenis
ok beck kettenis
|
|
|
|
|
|
|
| |
This is a variant of the same logic error fixed in ghash-x86_64.pl r1.6.
The code path is only reachable on machines without FXSR or PCLMUL.
ok jsing
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The assembly code for gcm_ghash_4bit() reads one too many times from Xi,
resulting in a four byte overread. Prevent this by not loading the next
value in the final iteration of the loop. If another full iteration is
required the next Xi value will be loaded at the top of the outer_loop.
Many thanks to Douglas Gliner <Douglas.Gliner at sony dot com> for finding
and reporting this issue, along with a detailed reproducer.
Same diff from deraadt@
ok tb@
|
|
|
|
|
|
| |
Replace a pile of byte order handling mess with htobe*() and be*toh().
ok tb@
|
|
|
|
| |
ok tb@
|
|
|
|
| |
ok tb@
|
|
|
|
| |
Found by, compile tested & ok bluhm.
|
|
|
|
| |
ok jsing
|
|
|
|
| |
ok jsing, and kind of tb an earlier version
|
|
|
|
| |
ok jsing
|
|
|
|
| |
ok miod
|
|
|
|
|
|
|
|
| |
At least gcc 12 on Fedora is very unhappy about a plain .rodata and throws
Error: unknown pseudo-op: `.rodata'. So add a .section in front of it to
make it happy.
ok deraadt miod
|
|
|
|
| |
responsible from getting the proper address of those blocks.
|
|
|
|
|
|
| |
responsible from getting the proper address of those blocks.
ok tb@ jsing@
|
|
|
|
|
| |
on amd64. no pic handling is neccessary since amd64 has full reach.
ok kettenis
|
|
|
|
|
|
|
| |
fetch them correctly when building PIC. Also drop unused data, and remove
--no-execute-only from linker flags.
ok kettenis@
|
|
|
|
|
|
|
| |
fetch them correctly when building PIC. Also drop unused data, and remove
--no-execute-only from linker flags.
ok jsing@ kettenis@
|
|
|
|
|
|
|
| |
i removed the arithmetics -> arithmetic changes, as i felt they
were not clearly correct
ok tb
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Libcrypto currently has a mess of *_lcl.h, *_locl.h, and *_local.h names
used for internal headers. Move all these headers we inherited from
OpenSSL to *_local.h, reserving the name *_internal.h for our own code.
Similarly, move dtls_locl.h and ssl_locl.h to dtls_local and ssl_local.h.
constant_time_locl.h is moved to constant_time.h since it's special.
Adjust all .c files in libcrypto, libssl and regress.
The diff is mechanical with the exception of tls13_quic.c, where
#include <ssl_locl.h> was fixed manually.
discussed with jsing,
no objection bcook
|
|
|
|
|
|
| |
CID 251047 251094
OK beck@ jsing@ millert@ tb@
|
|
|
|
| |
ok tb@
|
|
|
|
|
|
|
|
|
| |
in CRYPTO_ccm128_tag(). Otherwise the caller might end up
using the part of the tag buffer that was left uninitialized.
Issue found by Guido Vranken.
ok inoguchi
|
|
|
|
| |
from Cameron Palmer
|
|
|
|
|
|
| |
defined as they rely on unaligned access.
ok joel@
|
|
|
|
|
| |
block which defines a variable late, after code. Place this chunk into
a { subblock } to satisfy old compilers and old eyes.
|
|
|
|
| |
ok bcook@
|
|
|
|
| |
ok deraadt@ bcook@
|
|
|
|
| |
ok beck@
|
|
|
|
| |
ok guenther@
|
|
|
|
|
|
|
|
|
|
| |
reduces conditional logic (-218, +82).
MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH cache alignment calculation bn/bn_exp.c
wasn'tt quite right. Two other tricky bits with ASN1_STRING_FLAG_NDEF and
BN_FLG_STATIC_DATA where the condition cannot be collapsed completely.
Passes regress. ok beck
|
|
|
|
|
|
| |
supports it as long as it's marked as unified syntax.
ok bcook@ kettenis@
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Move the "internal" BN functions from bn.h to bn_lcl.h and stop exporting
the bn_* symbols. These are documented as only being intended for internal
use, so why they were placed in a public header is beyond me...
This hides 363 previously exported symbols, most of which exist in headers
that are not installed and were never intended to be public. This also
removes a few crusty old things that should have died long ago (like
_ossl_old_des_read_pw). But don't worry... there are still 3451 symbols
exported from the library.
With input and testing from inoguchi@.
ok beck@ inoguchi@
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
meaningful constants in a private header file, so that reviewers can actually
get a chance to figure out what the code is attempting to do without knowing
all cpuid bits.
While there, turn it from an array of two 32-bit ints into a properly aligned
64-bit int.
Use of OPENSSL_ia32_P is now restricted to the assembler parts. C code will
now always use OPENSSL_cpu_caps() and check for the proper bits in the
whole 64-bit word it returns.
i386 tests and ok jsing@
|
|
|
|
|
|
|
| |
faster-on-genuine-80386-but-slower-on-80486-onwards innstruction sequence in
the SHA512 code, and had not been enabled in years, if at all.
ok tom@ bcook@
|
|
|
|
| |
ok deraadt@
|
|
|
|
| |
ok deraadt@
|
|
|
|
| |
ok miod@
|
|
|
|
| |
ok bcook@ doug@
|
|
|
|
|
| |
for libraries in OpenBSD is to deliberately let NULL pointers cause a SIGSEGV.
ok doug@ jsing@
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
There are a few instances where #if 1 is removed but the code remains.
Based on the following OpenSSL commits. Some of the commits weren't
strictly deletions so they are going to be split up into separate commits.
6f91b017bbb7140f816721141ac156d1b828a6b3
3d47c1d331fdc7574d2275cda1a630ccdb624b08
dfb56425b68314b2b57e17c82c1df42e7a015132
c8fa2356a00cbaada8963f739e5570298311a060
f16a64d11f55c01f56baa62ebf1dec7f8fe718cb
9ccc00ef6ea65567622e40c49aca43f2c6d79cdb
02a938c953b3e1ced71d9a832de1618f907eb96d
75d0ebef2aef7a2c77b27575b8da898e22f3ccd5
d6fbb194095312f4722c81c9362dbd0de66cb656
6f1a93ad111c7dfe36a09a976c4c009079b19ea1
1a5adcfb5edfe23908b350f8757df405b0f5f71f
8de24b792743d11e1d5a0dcd336a49368750c577
a2b18e657ea1a932d125154f4e13ab2258796d90
8e964419603d2478dfb391c66e7ccb2dcc9776b4
32dfde107636ac9bc62a5b3233fe2a54dbc27008
input + ok jsing@, miod@, tedu@
|
|
|
|
| |
the 64-bit code has to be disabled under OpenBSD/hppa.
|
|
|
|
|
|
|
|
|
| |
an OPENSSL_NO_* define. This avoids relying on something else pulling it
in for us, plus it fixes several cases where the #ifndef OPENSSL_NO_XYZ is
never going to do anything, since OPENSSL_NO_XYZ will never defined, due
to the fact that opensslconf.h has not been included.
This also includes some miscellaneous sorting/tidying of headers.
|
|
|
|
|
| |
more friendly to systems where the underscore flavours may be defined as empty.
Found the hard way be bcook@; joint brainstrom with bcook beck and guenther
|
| |
|
| |
|
|
|
|
| |
ok miod
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
than defining it for not (i386 and amd64 (and sometimes s390)) only.
Compile-time tests remain compile-time tests, and runtime-test remain
runtime-test instead of being converted to compile-time tests, per matthew@'s
explicit demand (rationale: this makes sure the compiler checks your code even
if you won't run it).
No functional change except on s390 (which we don't run on) and vax (which we
run on, but noone cares about)
ok matthew@
|